Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: HTTP Header Usage Statistics HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
X-Frame-Options
Content-Length
Strict-Transport-Security
X-Content-Type-Options
Last-Modified
Cf-Request-Id
CF-RAY
CF-Cache-Status
Accept-Ranges
Link
Pragma
ETag
X-XSS-Protection
Expect-CT
X-Powered-By
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
Referrer-Policy
X-Amz-Cf-Pop
X-Amz-Cf-Id
X-Cache-Hits
Alt-Svc
P3P
X-UA-Compatible
X-Served-By
X-Timer
X-Download-Options
Access-Control-Allow-Headers
X-Varnish
X-Xss-Protection
Access-Control-Allow-Methods
X-Request-Id
Access-Control-Allow-Credentials
X-AspNet-Version
X-Runtime
X-Adblock-Key
X-Permitted-Cross-Domain-Policies
Content-Security-Policy-Report-Only
X-Request-ID
X-Drupal-Cache
X-Check
X-Cache-Status
P3p
X-Generator
X-DNS-Prefetch-Control
X-Cacheable
Timing-Allow-Origin
X-Content-Security-Policy
X-FRAME-OPTIONS
X-Iinfo
Status
Content-Encoding
Feature-Policy
X-AspNetMvc-Version
X-CDN
X-Ua-Compatible
Access-Control-Expose-Headers
Upgrade
X-Envoy-Upstream-Service-Time
X-Drupal-Dynamic-Cache
Access-Control-Max-Age
X-Via
Keep-Alive
X-Dns-Prefetch-Control
Server-Timing
X-Robots-Tag
Request-Context
X-Server
X-Ws-Request-Id
X-AH-Environment
X-Age
X-Hacker
X-Turbo-Charged-By
X-Proxy-Cache
X-Server-Powered-By
X-Cache-Group
X-Backend
Host-Header
EagleId
X-Nginx-Cache-Status
X-Amz-Request-Id
X-Amz-Id-2
Report-To
X-Rq
X-LiteSpeed-Cache
X-Varnish-Cache
Grace
X-Page-Speed
X-UA-Device
X-Swift-CacheTime
X-Swift-SaveTime
Ali-Swift-Global-Savetime
X-Device
X-Pingback
X-Server-Id
EagleEye-TraceId
X-Vhost
X-Styx-Req-Id
X-Pantheon-Styx-Hostname
Cf-Railgun
X-Amz-Version-Id
X-Host
X-Dispatcher
X-OneAgent-JS-Injection
NEL
X-CST
X-Node
Allow
Surrogate-Control
X-Cache-Spec
Request-Id
X-Backend-Server
X-WebKit-CSP
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Response-Time
X-Akam-SW-Version
X-Readtime
Accept-CH
Xkey
X-HW
X-Country
X-Ac
Content-Location
X-Application-Context
X-Language
Accept-Ch-Lifetime
X-Webkit-CSP
X-Template
Rating
MS-Author-Via
X-Url
X-Cloud-Trace-Context
X-Cache-Lookup
X-Mod-Pagespeed
X-Ruxit-JS-Agent
Edge-Control
X-Vname
X-PC
X-TtlSet
X-Clacks-Overhead
X-B3-TraceId
X-ESI
X-MS-InvokeApp
X-Trace
X-GitHub-Request-Id
X-Varnish-TTL
Accept-CH-Lifetime
Fastly-Restarts
X-Content-Type
X-ASPNET-VERSION
X-Cnection
Accept-Ch
X-Origin-Cache
X-Rack-Cache
X-D2id
X-Kinja-Build
X-GoogleNews-Bot
X-Kinja
X-Kinja-Revision
X-Kinja-Server
X-Use-Magma
X-Exp-Id
X-Cdn-Fetch
X-Exp-Variant
Arr-Disable-Session-Affinity
X-Country-Code
Verso
X-Goog-Hash
X-VARITI-CCR
X-Cached
X-Server-Name
X-Vcap-Request-Id
X-Powered-By-Plesk
X-FastCGI-Cache
X-Navigation-Version
Cache-Tag
X-Client-IP
X-Amz-Rid
X-Abt-Application-Version
Service-Worker-Allowed
X-Buckets
X-Sol
X-Middleton-Response
Response
X-Middleton-Display
Display
Pagespeed
X-ORACLE-DMS-ECID
RTSS
X-Fastly-Request-ID
Access-Control-Request-Method
X-Element-Page-Cache
X-Cache-TTL
X-MSEdge-Ref
X-Powered-CMS
X-Ttl
X-NF-Request-ID
X-Oneagent-Js-Injection
X-Dw-Request-Base-Id
X-Upstream
Public-Key-Pins
X-Ruxit-Js-Agent
X-Version
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Edge
S
X-Kinsta-Cache
X-LLID
MRF-Tech
Mrf-Cache-Status
X-B3-TraceId-Primal
X-TTL
SPIisLatency
Realpath
SPRequestDuration
X-Accel-Expires
X-SharePointHealthScore
SPRequestGuid
X-Px
X-HP-Webp
X-Jurisdiction
X-T
X-MCACHE
X-Forwarded-Proto
X-Mid
X-Correlation-Id
X-PressLabs-Stats
X-Release
X-Edge-Location-Klb
X-ECACHE
X-Mg-S
Charset
X-Litespeed-Cache
X-Content-Security-Policy-Report-Only
X-Recruiting
X-Shield-Request-Id
Edge-Cache-Tag
X-Ezoic-Cdn
TP-Cache
TP-L2-Cache
Pinterest-Generated-By
Pinterest-Version
X-Pinterest-Rid
Fastcgi-Cache
X-DynaTrace
X-Amz-Server-Side-Encryption
X-ORACLE-DMS-RID
X-Id
X-Content-Digest
X-Kraken-Routeconfig-Destination
X-Server-Lifecycle-Phase
X-Instrumentation
X-Kraken-Loop-Name
X-Request-Received
Filters
X-Request-Processing-Time
Cache-Tags
Content-MD5
Server-Node
X-Logged-In
Alternate-Protocol
Front-End-Https
Nginx-Cache
X-Forwarded-For
Server-Name
X-WebKit-CSP-Report-Only
X-Cache-Key
X-Origin-Upstream-Status
X-Amzn-Trace-Id
Fusion-Content-Source
Fusion-Source
Fusion-Deployment-Id
Fusion-Component-Id
Fusion-Template-Id
Fusion-Content-Id
TCN
X-Origin-Server
AR-ATIME
AR-PoweredBy
AR-CACHE
Ar-Sid
AR-Request-ID
X-XRDS-LOCATION
X-Grace
X-Contextid
X-Amz-Replication-Status
X-Geo-Country
X-Rid
X-AppVersion
X-Az
X-F-Cache
X-Activity-Id
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
X-Goog-Generation
X-Goog-Stored-Content-Length
X-GUploader-UploadID
X-HS-Hub-Id
X-HS-Content-Id
X-HS-Cache-Config
Host
X-Goog-Metageneration
Cleartype
X-HS-Combine-CSS
X-Hostname
X-Www-Served-By
X-Frontend
X-Protected-By
X-Fastcgi-Cache
Section-Io-Cache
X-LB-Cache
X-XRDS-Location
X-Debug-Info
X-Ser
MicrosoftSharePointTeamServices
X-RateLimit-Remaining
X-Erf-Bev-Bev
X-Browser-Type
X-Erf-Bev-Bev-Is-Generated
X-Aspnetmvc-Version
X-Tec-Api-Version
X-Page-Id
X-Tec-Api-Root
X-Request-Handler-Origin-Region
X-Microsite
X-Tec-Api-Origin
X-Git-Hash
X-Varnish-Age
X-Cache-Age
Accept-Charset
X-Respond-Thread
X-Upgrade-Enabled
ServerID
X-DIS-Request-ID
Nel
X-Source
X-Hits
Paypal-Debug-Id
X-VCache
X-Mobile-URL
X-Varnish-Backend
X-NWS-LOG-UUID
X-Content-Options
X-CACHE-GROUP
X-Varnish-Grace
X-Signature
X-B-Cache
X-Providence-Cookie
X-Route-Name
X-Request-Guid
X-Flags
X-Is-Crawler
X-Aspnet-Duration-Ms
Healthy
Payment
X-Whom
Access-Control-Allow-Method
X-N
X-App-Environment
X-FB-Debug
X-Kong-Proxy-Latency
X-B3-Sampled
X-Kong-Upstream-Latency
Viewport
X-TT
X-Cache-Action
Node
X-Seen-By
X-Type
X-Daa-Tunnel
X-AOL-HN
X-Load-Cache
X-Server-ID
Fastcgi-Useragent
MS-CV
Version
X-Mobile
DC
X-Webkit-Csp
X-Cache-Expired-At
X-Ua-Device
Filterid
X-IPLB-Instance
X-HTML-Minification-Powered-By
X-Distributor
DynaTrace
X-Yandex-Sdch-Disable
X-Cache-Control
SRV
X-FireWall-Port
X-Ab
Retry-After
X-Response-Served-From
X-Original-Request-Id
X-Debug
X-Real-IP
X-Instance
X-Tumblr-Pixel-0
X-Tumblr-Pixel
X-Tumblr-Pixel-1
X-Tt-Trace-Tag
X-Proxy-Cache-Status
X-ProcessESI
X-Accel-Buffering
X-Tt-Trace-Host
X-UUID
NGB
X-Tumblr-User
X-RemovedCookies
Refresh
X-Region
X-RTag
X-Varnish-Server
X-Device-Type
X-Page-View
X-Proxy
X-IPS-LoggedIn
Ms-Operation-Id
X-Jobs
X-Debug-IsPreview
Cache
Frame-Options
X-Cache-Time
X-Framework
X-Content-Powered-By
X-Debug-IsConnected
X-Cluster-Name
Uber-Trace-Id
X-Adobe-Content
X-Adobe-Loc
Access-Control-Request-Headers
X-B
X-Cacheable-TTL
X-User-Agent
VIX-Pulpo-Node
VIX-Pulpo-Upstream-Status
X-G
X-Wix-Request-Id
X-FW-Hash
X-Zen-Fury
X-FW-Type
X-FW-Static
X-FW-Server
X-FW-Dynamic
X-FW-Serve
Countrycode
Section-Io-Origin-Status
Section-Io-Origin-Time-Seconds
Section-Io-Id
Section-Origin-Responded
X-Cache-Hit
Cache-Status
Surrogate-Key
X-Vgn-Hpd-Reason
X-Time
X-App-Version
X-Drupal-Cache-Tags
Country
X-NGENIX-Cache
X-Nginx-Cache
X-Azure-Ref
X-Is-Bot
X-Rendered-As
Eomportal-Instance
X-RateLimit-Limit
X-TA-CDN-Provider
X-EdgeConnect-Cache-Status
X-App-Server
X-Mg-Request-UUID
S-Cnection
X-Oracle-Dms-Rid
X-Rule
X-Ms-Request-Id
X-Ms-Version
X-Drupal-Cache-Contexts
CF-IPCountry
Referer-Policy
X-CDN-Forward
X-Cache-Rule
Liferay-Portal
AMP-Access-Control-Allow-Source-Origin
X-UPSTREAM-Address
Meta-Geo
X-SaId
X-Tumblr-Pixel-2
Selected-Fe
From-Origin
X-RN-RSRV
SD-X-WS
X-Timing-Wait
X-Proxy-Build
X-ES-SERVER
X-JoinUs
X-Varnishpool
X-Sorting-Hat-ShopId
X-Xfnlog-Site
X-Handled-By
X-Backend-Host
X-Alternate-Cache-Key
X-Via-Fastly
X-Cache-Server
X-Endurance-Cache-Level
X-PHP-Backend
X-Yottaa-Metrics
X-ShopId
X-Storefront-Renderer-Rendered
X-TNCMS
X-R9-Blue-Green-Version
X-Pubstack
X-ShardId
Protected
X-Sorting-Hat-PodId
ServedBy
Country-Code
X-Loop
X-Node-Name
X-Shopify-Stage
X-Yottaa-Optimizations
X-No-Session
Decoy-Debug-TTL
TWC-GeoIP-LatLong
TWC-Locale-Group
Property-Id
Fastly-SSL
TWC-Privacy
TWC-Connection-Speed
Cache-Tv-Group
Decoy-Debug-Status
TWC-Device-Class
Decoy-Debug-Key
TWC-GeoIP-Country
Azure-SlotName
X-Origin-Hint
X-PCL
X-S-Maxage
X-OCL
X-Request-Time
X-Varnish-Hostname
X-Proto
X-Say-Cacheable
X-VWS-Id
X-Say-TTL
X-SayCDN-TTL
X-Server-W
X-Human
X-NYM-Debug-Backend
X-Be
X-LAGOON
X-AWS-Id
Webcakes-Region
Webcakes-App-Version
X-LJ-Flow-ID
Cache-Name
Azure-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Webcakes-App-Name
X-Cache-PHP
X-Cache-TTL-Remaining
Akamai-GRN
X-Cache-Operation
X-RCS-CacheZone
X-ProxyCache-Key
X-BYPASS-REASON
X-PHP-Host
X-Section
X-Sql-Duration-Ms
X-Backend-Name
X-Sql-Count
X-Access
X-Format
X-Redis-Cache
X-ProxyCache-Status
X-Environment-Context
X-Labrador-Cache-Channel
X-Origin-Date
X-Hyper-Cache
X-L-Path
X-Hl-Ver
X-ApacheServer
X-Hosted-By
X-Adobe-Source
X-Cached-By
X-UA-Device-Type
Apigw-Requestid
X-Dc
X-FB-TRIP-ID
X-GG-Cache-Date
Mn-Server-Ip
X-Status
X-PERF
X-Varnish-Beresp-Grace
X-Uri
X-Akamai-Edgescape
Xserver
X-Web-Node
Amp-Access-Control-Allow-Source-Origin
X-WA-Info
X-Trace-Id
X-Content-Age
X-MP-GENERATED-AT
X-ATG-Version
X-FW-Version
X-B3-SpanId
X-Cache-Enabled
X-B3-Traceid
X-Revision
X-Soup
X-SRV
X-Mode
X-Edge-Location
X-Time-Microsecs
Backend
X-ServerID
X-CSRF-Token
X-Tumblr-Pixel-3
X-Info
X-Cache-Type
Who
X-CACHE-KEY
X-Bc-Bl
X-APP-VERSION
X-Microcachable
X-Varnish-Beresp-Status
X-Cache-NGX
X-Akamai-Transformed
X-Detected-As
X-Debug-Cache
X-CS
X-Routing-Service
X-Platform
X-Zipkin-Id
X-Azure-Ref-OriginShield
X-Datadome
X-Proxied
X-Storage
Web-Mar-Node
X-Aws-Lambda-Call-Status
X-TT-LOGID
X-Varnish-Cache-Hits
X-Generation-Time
X-Cache-Host
X-Amzn-RequestId
X-Amz-Apigw-Id
DataCenter
X-Amzn-Remapped-Content-Length
X-Via-JSL
X-DataDome
OT-Force-Account-Verify
X-Locale
X-Cluster-Node
X-Varnish-Hits
X-Unique-ID
X-Extlb
Server-Info
Cross-Origin-Opener-Policy
X-Origin-TTL
GEO-INFO
X-Parallel-Accel
X-Varnish-Beresp-Ttl
X-Origin-CC
X-Site-Version
Count-Hit
X-D
X-Level-Front-Cache
Host-ID
X-Destination
X-Location
X-Magnolia-Registration
X-Cms-Context
X-NAPM-TraceId
M-TraceId
X-PAYTM-SRV-ID
X-PBS-Appsvrname
X-Air-Hostname
X-Air-Source
User-Cache-Control
X-Connection-Hash
X-Developer
X-Air-Trace-Id
X-Core-Value
X-Vdms-Path
CDN-Cache
CDN-CachedAt
CDCHOST
X-External-Request-Id
BehaviorPad-Version
CDN-EdgeStorageId
CDN-PullZone
Content-Disposition
X-From
CDN-Uid
CDN-RequestId
CDN-RequestCountryCode
DCR-Decision-By
X-Generated-On
Expiry
X-Vdms-Version
Fastcgi-X-Cache-Version
Fastly-Backend-Name
X-CF-Lambda-Version
A
X-Geo-Header
Apple-News-Services-Parsed-Url
Apple-News-Services-Request-Url
Apple-News-Services-Host
Apple-News-Services-Handled
DCR-Processing-Time-Ms
X-EC-Lua
MD5-Digest
X-Application
X-S-Cookie
X-Varnish-Url
X-ScT
X-Service
X-Aed
X-S
X-ARC
Meta-Geo-Continent
T-Server
X-Rewrite-Enabled
X-Rojux
X-AIR-PT
X-Session-Fingerprint
X-SRCache-Key
X-A-Ccd
X-Vtex-Processado-Em
X-VG-WebServer
X-A
Geo-Info
X-Ratelimit-Limit
X-A-Dam
X-A-Dcw
X-A-Wwc
X-Sucuri-ID
X-Vtex-Remote-Cache
X-A-Dgt
X-Thanos
X-Request-URI
X-B-Cookie
X-VG-WebCache
X-Bip
X-Cache-NE
X-Ratelimit-Reset
Rendered-Blocks
Odigeo-Trace-Id
X-Proxy-Upstream
X-CF-Lambda-Fn
Mobile-Detection-Method
Surrogated-Key
X-Processor
X-BCube-Filmed-By
X-Cache-Bucket
X-Tb
X-Pass-Why
X-Envoy-Decorator-Operation
Fastly-SWR
Location
X-Fmm-Version
Fastly-SIE
X-Clientip
X-Backend-State
Memcached
Cmstype
Gh-Request-Id
Cmsid
X-Clara-WADP
X-Fastly-Cache
UCS
PFcat
X-Aicache-OS
Pics-Label
Esi-Enabled
X-Cache-Debug
X-Developers
X-Cache-Info
X-Date
X-Branch-Name
X-Accel-Expires-Debug
Pagetype
Path
Server-Host
X-Has-Esi
X-NU-AKA-ACS-Version
X-Origin
X-Amz-Meta-S3cmd-Attrs
X-VarnishDD-TTL
Cache-Host
X-Micro-Cache
X-JWT-State
X-Varnish-Ttl
X-Scheme
X-Request-UUID
X-Request-Host
X-Rebelmouse-Cache-Control
State
Req-Svc-Chain
My-App
X-Epic-Correlation-Id
X-Rebelmouse-Surrogate-Control
X-Platform-Server
X-Forwarded-Site
X-Req
X-Is-Gdpr
X-Men
X-TrackingId
Ec-Rule-Version
X-Hash
AKAMAI
X-Var-Ttl
CacheControlHeader
X-Generated-By
X-HN
X-GoCache-CacheStatus
X-VG-TLSProxy
X-Served-From
X-WADP-Cache
Upgrade-Insecure-Requests
X-Servername
Fastcgi-Cache-TTL
Wxu-Next-Hostname
Kp-EeAlive
Wxu-Next-Commit
L
Wxu-Next-Region
X-Wikidot-Backend
X-Minions-Version
X-Variation
X-Thinkindot-L3
X-SVT-ORM-RULES
X-Viewer-Country
X-Wikidot-Static-Cache
X-SVT-ORM-VERSION
We-Hiring
X-HS-Content-Campaign-Id
X-Hnp-Log
X-VC-Cache
X-DPWN-IS-SECURE
X-Device-Os
X-Gzip
X-Esi-Check
X-Gen-Mode
X-Gamma-Serve
X-Fastly-Backend
X-Generated-In
X-Eu-Site
X-Irp-Debug
X-Sigma-Backend
X-RateLimit-Limit-Second
X-Cache-Tags
X-RateLimit-Remaining-Second
X-Cache-Id
Origin
X-Rocket-Build-Number
X-Policy
X-Mvc-Supplant-Cachable
X-Csrf-Jwt
X-Origin-Expires
X-CGP
X-Sigma
X-Cache-Grace
X-Block-Status
Mail-Subject
X-Cluster
L5d-Success-Class
NGX
NM-Fastcgi-Cache
Platform
PB-RID
PB-PID
HA-Ipaddr
Ha-Gx-Prefs
Arc-Version
Arc-Country
Adler-Geo
C-Via
Cache-Key
DSUID
X-TX-ID
Cf-Device-Type
Svr
Is-Eu
True-Client-Country-4JS
Thinkindot-CacheControl
Thinkindot-Control
TDXMobile
Thinkindot-CacheControl-Type
X-NWS-UUID-VERIFY
Webserver
Source
X-Ratelimit-Remaining
X-FC-Vary-Parameters
X-Forwarded-Host
X-Fetched-On
CPC-Age
X-Skip-Cache
X-Slack-Backend
X-Qloud-Router
CPC-Cache
X-GeoIP-City
X-Old-Content-Length
X-Nginx-Cache-Key
X-LI-UUID
X-Li-Pop
X-Owner
X-PF-Uncompressing
VNS-Age
VNS-Cache
X-GeoIP
Vix-Hermes-Req-Id
X-SIPLIST1
X-Loc
Server-Ext
X-Varnish-CookieINHashed-On
X-User
Release
X-VServer
X-Via-NSCOPI
Locid
X-Varnish-CookieHashed-On
X-Varnish-Remaining-TTL
X-DefHash
Sever-Int
Fastly-Drupal-HTML
X-DefElseHash
X-Li-Fabric
IsBot
Server-Hostname
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Tcn
NtCoent-Length
X-Unique-Id
X-Planisys-CDN-Cache
X-Planisys-CDN-TTL
X-TraceId
V-Age
X-Mvc-Supplant-OutputCached
Url
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Planisys-CDN-Rules
SID
XServer
X-CLOUD-TRACE-CONTEXT
Powered-By-ChinaCache
X-Orig-Expires
X-Forwarded-Path
X-PJAX-URL
Cache-Hits
X-Shop-Environment
X-OVcl-Cache
X-OVcl
X-Tenant
X-Vc
X-Ua
S-Rt
X-Refresh
DB-Nickname
X-Zone
Cf-Bgj
X-Cache-Ttl
MIME-Version
X-Via-Popn
X-Via-Poph
Cross-Origin-Window-Policy
X-Via-Popv
X-Backend-TTL
X-NC
Magicmarker
X-Ftr-Request-Id
X-ID
X-TIME
Time
GeoIp-Country-Code
X-Internal-Host
X-Conf
Geoip-Latitude
X-Geo
X-GEO
Memory
WebServer
Content-Secure-Policy
X-LB-ID
X-Dispatcher-Server
X-BBC-Edge-Cache-Status
X-ZONE
X-Method
X-NCache
X-HP-Trace-Id
X-Worker
X-Servedbyhost
X-Srv
X-Ckpd-Fst-Backend
HostName
X-Auto-Login
Server-ID
X-IP
Hostname
X-LSADC-Cache
Ssr
X-Newrelic-Synthetics
X-M-Reqid
X-Li-Proto
X-Render-Time
X-V-Cache
X-Qnm-Cache
X-M-Log
X-Rocket-Nginx-Serving-Static
X-NewRelic-App-Data
LB
X-Tx-Id
X-Platform-Processor
X-Nc
X-Platform-Router
X-Trv-Group
X-DC
X-Platform-Cluster
X-Wa
X-Tb-Optimization-Total-Bytes-Saved
X-Vcl-Version
X-App
X-Cache-Remote
Resin-Trace
X-Node-Id
X-SD-PageType
Ohc-File-Size
X-Traceid
X-Datadog-Trace-Id
X-MSEdge-Flight
X-MSEdge-Features
X-Origin-Response-Time
X-VCL-Version
X-APP
Sid
Environment
X-Datadog-Parent-Id
X-Datadog-Sampling-Priority
X-Via-CDN
X-Dynatrace
X-HITS
Env
X-CACHE-AGE
X-VHOST
X-Nyt-Route
X-Gdpr
X-Reqid
X-Cache-Config
X-BBC-Origin-Response-Status
X-NodeID
X-FTR-Request-ID
X-Via-Ucdn
X-API-Version
X-HostName
X-Origin-Time
X-ServerName
X-Edge-Pop
Cluster
CF-Cached-On
X-Server-IP
X-Pod-Name
X-Varnish-Beresp-TTL
X-WA
X-Correlation-ID
X-DynaTrace-JS-Agent
Datacenter
Cf-Ipcountry
X-ND-Cache
Viewtype
X-ElasticPress-Query
X-Wix-Viewer-Type
Candidate-Md5Url
VivaBuild
Rt-Fastcgi-Cache
X-Cdn-Forward
X-Cs
Machine
X-Fastly-Request-Id
X-LI-Proto
X-HS-Status
Web-Mar-Region
X-Akamai-Pragma-Client-IP
X-Dynatrace-Js-Agent
X-Cache-Var
N-Cache
X-Cache-Var-Map
CDN
X-NGINX-Cache
On-Server
Server-Id
X-ServedByHost
FSS-Cache
Proxy-Connection
X-Lb-Id
X-CSRF-TOKEN
WZWS-RAY
X-FTR-Cache-Status
GeoIP-Country-Code
GeoIP-Latitude
X-Check-Cacheable
X-FTR-DC
X-FTR-Realm
X-Via-PopN
X-Via-PopH
X-FTR-Backend
X-Via-PopV
X-CCM
X-FTR-Balancer
X-Oss-Object-Type
X-Oss-Request-Id
X-Oss-Hash-Crc64ecma
Servername
X-URL
X-Oss-Storage-Class
X-Oss-Server-Time
Xc-Version
X-Country-Code-Real
X-FTR-Backend-Server
X-Swa-Ws
X-Esi
Ohc-Cache-HIT
X-Xrds-Location
Onion-Location
X-EIG-Tracking-Id
WWW-Authenticate
X-Cache-Backend
Tracecode
X-Fastly-Backend-Reqs
X-IN-APIGATEWAYSSL
X-Pjax-Url
X-VC
X-IN-APIGATEWAY
X-Varnish-Cacheable
Cdn
X-ECache
X-Swift-Error
CountryCode
X-SN
Mime-Version
Cteonnt-Length
URI
X-CUA
X-Webkit-CSP-Report-Only
X-Cache-ASPX
X-Varnish-Authentication
X-Contensis-Viewer-Groups
X-FTR-Expires
Instruction
SR-User-Adfree
X-Region-Sid
X-Air-Pt
CACHE
X-Tt-Logid
X-FORWARDED-FOR
X-DSS
X-DW
X-Snapshot-Date
X-DI
X-RPS
X-RPM
Shield-Pop
X-UnsetCookies
Ohc-Response-Time
X-Fastly-Cache-Hits
X-Depends-On
X-Action
X-DB
X-RSL
X-Webstats-RespID
X-Fpc
X-Dw-Trace-Id
Server-Ttl
X-Pf-Uncompressing
X-LiteSpeed-Cache-Control
X-SB
X-TIM-N
X-Yottaa-OS
X-ElasticPress-Search
X-StackifyID
Warning
Redirect-Candidate
WP-Super-Cache
X-Request-Start
X-Provided-By
Xet-Cookie
Lfy
W
X-Core-Mission
X-Tid
X-FPC
CloudFront-Viewer-Country
X-CCDN-Origin-Time
X-CCDN-CacheTTL
X-Acquia-Application-UUID
X-Cache-Status-Check
X-Hcs-Proxy-Type
X-Mg-Request-Id
X-TH-Server
X-C
X-Matched-Rule
X-Acquia-Application-Trace
X-Apw-Hits
X-Apw-Access-Token
X-Pad
Content-Script-Type
Content-Style-Type
ServerName
X-MiniProfiler-Ids
X-Cache-Expires
X-Apw-Access-Object
X-Apw-Access-Action
X-Acquia-Purge-Tags
X-Acquia-Site
Vha6-Origin